This article can also be found in the Premium Editorial Download "Information Security magazine: Combat the latest malware threats with effective antimalware planning."
Download it now to read this article plus other related content.
The White House, in mid-January, put the Stop Online
Cybersecurity coordinator Howard Schmidt, OMB Intellectual Property Enforcement Coordinator Victoria Espinel, and White House CTO Aneesh Chopra were gracious in their post to the White House’s We the People page and urged for the continuance of an open and democratic Internet. In declaring the administration’s opposition to the controversial SOPA and PIPA pirating laws, Schmidt et al called for a serious legislative response, especially one that doesn’t increase opportunities for hackers to further and easily exploit already vulnerable websites. New legislation, they wrote, must keep online censorship at bay, not inhibit innovation, nor can it mess with the Internet’s core infrastructure, such as the Domain Name System (DNS).
SOPA and PIPA were multiple offenders on many fronts. Had either bill become law, companies were looking at additional administrative and compliance costs in order to keep an eye out for content that could potentially be in violation. Offenders would face an Internet death sentence of sorts; ISPs could take offending sites offline, DNS providers could block users from accessing offending sites and search engines would not list their results. The DNS filtering alone that would be required could run small ISPs and SMBs into millions annually.
The spirit of SOPA and PIPA make sense. Intellectual property should be kept sacred. Creators should be paid for their work; no one should “borrow” media for their websites and ultimately their financial gain, no matter how open you believe the Internet should remain.
Unfortunately, as with most rules, the spirit of the law isn’t always appropriately understood; there’s always room for interpretation. With SOPA and PIPA, there was almost immediate outrage and reaction to the potential pitfalls. Security and privacy experts immediately stood on their soapboxes and 83 prominent Internet pioneers co-signed a letter to Congress stating their opposition. It was only then when lawmakers took notice and ultimately delayed hearings on both bills to further examine their ramifications.
Therein lies the problem. Aside from a few exceptions, we have a largely uninformed Congress when it comes to cybersecurity. It’s all well and good for President Obama to declare the Internet a critical national asset; it’s all well and good to put a cybersecurity coordinator in place; and it’s all well and good say all the right things in public about preventing identity theft, securing critical infrastructure and warning about cyberwar.
But when something like SOPA emerges as a potential game-changing law, there’s a deeper problem at hand. Lawmakers are sold a bill of goods by the MPAA, RIAA, or who-have-you, who spell out their legitimate issue in gory detail and suggest a couple of fancy-schmancy technical solutions that, yes, would solve the problem of online piracy. But no solution to any problem is that easy. And the fact that our lawmakers are still largely in the dark about the underpinnings of the Internet and why it’s just not such a good idea to throw a virtual kill switch on certain websites, or the entire Internet for that matter, is disturbing.
Kudos to those in the security industry who dig their suits out of mothballs on occasion and get before Congress to spell out security problems in plain English for Capitol Hill. Words like censorship, fear, uncertainty and free expression are powerful, and they get the attention of those on The Hill.
Thankfully this time, Congress listened to the experts’ words:
“The U.S. government has regularly claimed that it supports a free and open Internet, both domestically and abroad. We cannot have a free and open Internet unless its naming and routing systems sit above the political concerns and objectives of any one government or industry. To date, the leading role the U.S. has played in this infrastructure has been fairly uncontroversial because America is seen as a trustworthy arbiter and a neutral bastion of free expression. If the U.S. begins to use its central position in the network for censorship that advances its political and economic agenda, the consequences will be far-reaching and destructive.”
That kind of selfless lobbying is what our industry needs more of. Those in security who see themselves as thought leaders and innovators, and thinkers need to do more of this for the greater good. No one understands these ramifications in a business sense better than you.
About the author:
Michael S. Mimoso is Editorial Director of the Security Media Group at TechTarget. Send comments on this column to firstname.lastname@example.org.
This was first published in February 2012